DEV Community

Mhammed Talhaouy
Mhammed Talhaouy

Posted on

4

🐳 10 Docker Best Practices Every Developer Should Know - With Examples!

Docker Best Practices
As containerization becomes crucial in modern development, here are essential Docker practices with real-world implementations:

  1. Use Multi-Stage Builds
# Build stage
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

# Production stage
FROM node:16-slim
COPY --from=builder /app/dist /app
EXPOSE 3000
CMD ["node", "app"]
Enter fullscreen mode Exit fullscreen mode

Result: Production image size reduced by up to 90%!

  1. Leverage .dockerignore
node_modules
npm-debug.log
Dockerfile
.git
.env
*.md
Enter fullscreen mode Exit fullscreen mode

Keep your builds clean and secure by excluding unnecessary files.

  1. Pick Specific Base Image Tags
# ❌ Bad practice
FROM node:latest

# ✅ Good practice
FROM node:16.17.0-alpine3.16
Enter fullscreen mode Exit fullscreen mode

Ensures consistency across environments and prevents unexpected breaks.

  1. One Container, One Process
# ✅ Good practice
FROM nginx:alpine
COPY ./web-app /usr/share/nginx/html
# Single process: nginx
CMD ["nginx", "-g", "daemon off;"]
Enter fullscreen mode Exit fullscreen mode
  1. Optimize Layer Caching
# ✅ Good practice
COPY package.json package-lock.json ./
RUN npm install
# Source code changes don't trigger node_modules reinstall
COPY . .
Enter fullscreen mode Exit fullscreen mode
  1. Use Non-Root Users
FROM node:16-alpine
# Create app directory and user
RUN mkdir /app && addgroup -S appgroup && adduser -S appuser -G appgroup
WORKDIR /app
# Switch to non-root user
USER appuser
COPY --chown=appuser:appgroup . .
Enter fullscreen mode Exit fullscreen mode
  1. Scan for Vulnerabilities
# Using Trivy in CI/CD
trivy image your-image:tag
Enter fullscreen mode Exit fullscreen mode

Set up automated scanning in your pipeline for continuous security.

  1. Keep Images Minimal
# ✅ Good practice: Using alpine
FROM python:3.9-alpine
RUN apk add --no-cache postgresql-libs
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
Enter fullscreen mode Exit fullscreen mode
  1. Cache Dependencies Wisely
# ✅ Good practice
COPY package.json yarn.lock ./
RUN yarn install --frozen-lockfile
COPY . .
Enter fullscreen mode Exit fullscreen mode
  1. Set Resource Limits
# Docker run with limits
docker run -d \
  --name myapp \
  --memory="512m" \
  --cpus="1.0" \
  your-image:tag
Enter fullscreen mode Exit fullscreen mode

Docker Compose version:

services:
  web:
    image: your-image:tag
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
Enter fullscreen mode Exit fullscreen mode

🔍 Bonus: Environment Variables Best Practices

# ❌ Bad practice: Hardcoding
ENV API_KEY=1234567890

# ✅ Good practice: Using ARG for build-time variables
ARG BUILD_VERSION
ENV APP_VERSION=$BUILD_VERSION

# ✅ Better practice: Using docker-compose.yml
# docker-compose.yml
services:
  app:
    env_file:
      - .env.production
Enter fullscreen mode Exit fullscreen mode

💡 Pro Tip: Always maintain a clear documentation for your Docker setup:

# Service Name
## Build
`docker build -t service-name .`

## Run
`docker run -p 3000:3000 service-name`

## Environment Variables
- `PORT`: Application port (default: 3000)
- `NODE_ENV`: Runtime environment

## Resource Requirements
- Memory: 512MB minimum
- CPU: 1 core recommended
Enter fullscreen mode Exit fullscreen mode

What Docker practices have improved your development workflow? Share your experiences below!

Sentry blog image

Identify what makes your TTFB high so you can fix it

In the past few years in the web dev world, we’ve seen a significant push towards rendering our websites on the server. Doing so is better for SEO and performs better on low-powered devices, but one thing we had to sacrifice is TTFB.

Read more

Top comments (0)

Billboard image

Try REST API Generation for MS SQL Server.

DevOps for Private APIs. With DreamFactory API Generation, you get:

  • Auto-generated live APIs mapped from database schema
  • Interactive Swagger API documentation
  • Scripting engine to customize your API
  • Built-in role-based access control

Learn more

👋 Kindness is contagious

Explore a sea of insights with this enlightening post, highly esteemed within the nurturing DEV Community. Coders of all stripes are invited to participate and contribute to our shared knowledge.

Expressing gratitude with a simple "thank you" can make a big impact. Leave your thanks in the comments!

On DEV, exchanging ideas smooths our way and strengthens our community bonds. Found this useful? A quick note of thanks to the author can mean a lot.

Okay